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Art Unit: 2133 
DETAILED ACTION 



Drawings 

1 . Figure 1 should be designated by a legend such as -Prior Art™ because it is 
referred to by the applicant in the "Background Art" section, and thus not a part of the 
instant invention. See MPEP § 608.02(g). A proposed drawing correction or corrected 
drawings are required in reply to the office action to avoid abandonment of the 
application. The objection to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1,4, 10-12, 15, 21-23, 26, 32 and 33 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Dare et al. United States Letters Patent Number 5,684,950. 

As per claim 1: 

Dare et al. teach a method for accessing a session comprising: 
associating a user with said session; and (Col. 4; line 2; authentication is 
achieved) 

presenting an authenticated token to access said session from a first terminal. 
(Col. 4; lines 23-24; workstations has to send the Kerberos Ticket Granting Ticket 
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(KTGT) to authentication broker to exchange for Kerberos Service Ticket (KST) to gain 
access to the Kerberos Ticket-based server; KST reads on authenticated token) 
As per claim 4: 

Dare et al. teach a method authenticating an identity of said user. (Col. 5; lines 
4-5; the user ID along with the password are then sent to the authentication broker) 
As per claim 10: 

Dare et al. teach a method wherein said step of associating comprises: 
converting an initial token to said authenticated token. (Col. 4; lines 23-24; workstations 
has to send the Kerberos Ticket Granting Ticket (KTGT) to authentication broker to 
exchange for Kerberos Service Ticket (KST)) 
As per claim 1 1 : 

Dare et al. teach a method wherein said session is identified by said 
authenticated token. (Col. 4; lines 2-3; if authentication is achieved, it permits an open 
session to occur such that the user may utilize all the services provided by Kerberos 
Ticket-based server) 
As per claim 12: 

Dare et al. teach a session accessing system comprising: 

an associating unit configured to associate a user with a session; and (Col. 4; 
line 2; authentication is achieved) 

a first presenting unit configured to present said authenticated token to access 
said session from a first terminal. (Col. 4; lines 23-24; workstations has to send the 



Application/Control Number: 09/858,01 7 Page 4 

Art Unit; 2133 

Kerberos Ticket Granting Ticket (KTGT) to authentication broker to exchange for 
Kerberos Service Ticket (KST) to gain access to the Kerberos Ticket-based server) 
As per claim 15: 

Dare et al. teach system wherein said associating unit comprises: an 
authentication unit configured to authenticate an identity of said user. (Col. 5; lines 4-5; 
the user ID along with the password are then sent to the authentication broker) 
As per claim 21: 

Dare et al. teach a session accessing system wherein said associating unit 
comprises: 

a conversion unit configured to convert an initial token to said authenticated 
token. (Col. 4; lines 23-24; workstations has to send the Kerberos Ticket Granting Ticket 
(KTGT) to authentication broker to exchange for Kerberos Service Ticket (KST)) 
As per claim 22: 

Dare et al. teach a session accessing system wherein said session is identified 
by said authenticated token. (Col, 4; lines 2-3; if authentication is achieved, it permits an 
open session to occur such that the user may utilize all the services provided by 
Kerberos Ticket-based server) 
As per claim 23: 

Claim 23 is a software version of claim 1 . Therefore, it is rejected on the same 
rationale set forth in rejection claim 1 . 
As per claim 26: 
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Claim 26 is a software version of claim 4. Therefore, it is rejected on the same 
rationale set forth in rejection claim 4. 
As per claim 32: 

Claim 32 is a software version of claim 10. Therefore, it is rejected on the same 
rationale set forth in rejection claim 10. 
As per claim 33: 

Claim 33 is a software version of claim 1 1 . Therefore, it is rejected on the same 
rationale set forth in rejection claim 1 1 . 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 

the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 

the various claims was commonly owned at the time any inventions covered therein 

were made absent any evidence to the contrary. Applicant is advised of the obligation 

under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 

not commonly owned at the time a later invention was made in order for the examiner to 

consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

prior art under 35 U.S.C. 103(a). 
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5. Claims 2, 13 and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Dare et al. United States Letters Patent Number 5,684,950 in view of Lin et al. 
United States Letters Patent Number 6,052,785. 
As per claim 2: 

Dare et al teach all the subject matter as described above. Dare et al. further 
disclose access to all servers within the distributed computing network can be granted 
via a single network authentication request. Not explicitly disclosed by Dare et al. is that 
presenting said authenticated token to access said session from a second terminal. 

Lin et al. in analogous art, however, teach presenting said authenticated token to 
access said session from a second terminal. (Col 8, lines 15-17; a single security server 
supporting multiple applications without the overhead of repeated credential requests 
and validations) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include presenting said authenticated token to access said session from a second 
terminal. This modification would have been obvious because a person having ordinary 
skill in the art would have been motivated to do so, as suggested by Lin et al., (Col. 4; 
lines 37-38) in order to increase security and simplify credential management by 
augmenting existing security and authentication schemes. 
As per claim 13: 

Dare et al teach all the subject matter as described above. Dare et al. further 
disclose access to all servers within the distributed computing network can be granted 
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via a single network authentication request. Not explicitly disclosed by Dare et al. is a 
system comprising a second presenting unit configured to present said authenticated 
token to access said session from a second terminal. 

Lin et al. in analogous art, however, teach a second presenting unit configured to 
present said authenticated token to access said session from a second terminal. (Col 8, 
lines 15-17; a single security server supporting multiple applications without the 
overhead of repeated credential requests and validations) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a second presenting unit configured to present said authenticated token to 
access said session from a second terminal. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so, 
as suggested by Lin et al., (Col. 4; lines 37-38) in order to increase security and simplify 
credential management by augmenting existing security and authentication schemes. 
As per claim 24: 

Claim 24 is a software version of claim 2. Therefore, it is rejected on the same 
rationale set forth in rejection claim 2. 

6. Claims 5-9, 16-20 and 27-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dare et al. United States Letters Patent Number 5,684,950 in view of 
Moussa et al. United States Letters Patent Number 6,035,406. 
As per claim 5: 
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Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a method wherein said step of authenticating comprises: 
obtaining a physical token assigned to said user. 

Moussa et al. in analogous art, however, teach a method wherein said step of 
authenticating comprises: obtaining a physical token assigned to said user. (Col. 2, line 
9) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a method wherein said step of authenticating comprises: obtaining a physical 
token assigned to said user. This modification would have been obvious because a 
person having ordinary skill in the art would have been motivated to do so, as 
suggested by Moussa et al., (Col. 1; lines 9-10) in order to have a security system which 
attempt to authenticate a user based on one or more kinds of information. This way, the 
system will be more secure. 
As per claim 6: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a method wherein said step of authenticating comprises: 
obtaining a passphrase. 

Moussa et al. in analogous art, however, teach a method wherein said step of 
authenticating comprises: obtaining a passphrase. (Col. 1, line 11) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
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include a method wherein said step of authenticating comprises: obtaining a 
passphrase. This modification would have been obvious because a person having 
ordinary skill in the art would have been motivated to do so, as suggested by Moussa et 
al., (Col. 1 ; lines 9-10) in order to have a security system which attempt to authenticate 
a user based on one or more kinds of information. This way, the system will be more 
secure. 

As per claim 7: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a method wherein said step of authenticating comprises: 
obtaining a biometric identifier. 

Moussa et al. in analogous art, however, teach a method wherein said step of 
authenticating comprises: obtaining a biometric identifier. (Col. 2, line 8) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a method wherein said step of authenticating comprises: obtaining a biometric 
identifier. This modification would have been obvious because a person having ordinary 
skill in the art would have been motivated to do so, as suggested by Moussa et al., (Col. 
1 ; lines 9-10) in order to have a security system which attempt to authenticate a user 
based on one or more kinds of information. This way, the system will be more secure. 
As per claim 8: 
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Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a method wherein said biometric identifier is a finger print 
pattern. 

Moussa et al. in analogous art, however, teach a method wherein said biometric 
identifier is a finger print pattern. (Col. 3, line 25) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a method wherein said biometric identifier is a finger print pattern. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so, as suggested by Moussa et al., (Col. 1 ; lines 9-10) 
in order to have a security system which attempt to authenticate a user based on one or 
more kinds of information. This way, the system will be more secure. 
As per claim 9: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dar6 et al. a method wherein said biometric identifier is a retinal image. 

Moussa et al. in analogous art, however, teach a method wherein said biometric 
identifier is a retinal image. (Col. 1, line 17) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a method wherein said biometric identifier is a retinal image. This modification 
would have been obvious because a person having ordinary skill in the art would have 
been motivated to do so, as suggested by Moussa et al., (Col. 1 ; lines 9-10) in order to 
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have a security system which attempt to authenticate a user based on one or more 
kinds of information. This way, the system will be more secure. 
As per claim 16: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a system wherein said authentication unit comprises: a user 
interface configured to obtain a physical token assigned to said user. 

Moussa et al. in analogous art, however, teach a system wherein said 
authentication unit comprises: a user interface configured to obtain a physical token 
assigned to said user. (Col. 2, line 9) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a system wherein said authentication unit comprises: a user interface configured 
to obtain a physical token assigned to said user. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to 
do so, as suggested by Moussa et al., (Col. 1 ; lines 9-10) in order to have a security 
system which attempt to authenticate a user based on one or more kinds of information. 
This way, the system will be more secure. 
As per claim 17: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a system wherein said authentication unit comprises: a user 
interface configured to obtain a passphrase. 
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Moussa et al. in analogous art, however, teach a system wherein said 
authentication unit comprises: a user interface configured to obtain a passphrase. (Col. 
1, line 11) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Dare et al. to 
include a system wherein said authentication unit comprises: a user interface configured 
to obtain a passphrase. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to do so, as suggested by 
Moussa et al., (Col. 1 ; lines 9-10) in order to have a security system which attempt to 
authenticate a user based on one or more kinds of information. This way, the system 
will be more secure. 
As per claim 18: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a system wherein said step of authenticating comprises: a user 
interface configured to obtain a biometric identifier. 

Moussa et al. in analogous art, however, teach a system wherein said step of 
authenticating comprises: a user interface configured to obtain a biometric identifier. 
(Col. 2, line 8) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Dare et al. to 
include wherein said step of authenticating comprises: a user interface configured to 
obtain a biometric identifier. This modification would have been obvious because a 
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person having ordinary skill in the art would have been motivated to do so, as 
suggested by Moussa et al. v (Col. 1 ; lines 9-10) in order to have a security system which 
attempt to authenticate a user based on one or more kinds of information. This way, the 
system will be more secure. 
As per claim 19: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a system wherein said biometric identifier is a finger print 
pattern. 

Moussa et al. in analogous art, however, teach a system wherein said biometric 
identifier is a finger print pattern. (Col. 3, line 25) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Dare et al. to 
include a system wherein said biometric identifier is a finger print pattern. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so, as suggested by Moussa et al., (Col. 1; lines 9-10) 
in order to have a security system which attempt to authenticate a user based on one or 
more kinds of information. This way, the system will be more secure. 
As per claim 20: 

Dare et al. teach all the subject matter as described above. Not explicitly 
disclosed by Dare et al. a system wherein said biometric identifier is a retinal image. 

Moussa et al. in analogous art, however, teach a system wherein said biometric 
identifier is a retinal image. (Col. 1, line 17) 
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Therefore, it would have been obvious to a person having ordinary skill in 
the art at the time the invention was made to modify the system disclosed by Dare et al. 
to include a system wherein said biometric identifier is a retinal image. This modification 
would have been obvious because a person having ordinary skill in the art would have 
been motivated to do so, as suggested by Moussa et al. v (Col. 1 ; lines 9-10) in order to 
have a security system which attempt to authenticate a user based on one or more 
kinds of information. This way, the system will be more secure. 
As per claim 27: 

Claim 27 is a software version of claim 5. Therefore, it is rejected on the same 
rationale set forth in rejection claim 5. 
As per claim 28: 

Claim 28 is a software version of claim 6. Therefore, it is rejected on the same 
rationale set forth in rejection claim 6. 
As per claim 29: 

Claim 29 is a software version of claim 7. Therefore, it is rejected on the same 
rationale set forth in rejection claim 7. 
As per claim 30: 

Claim 30 is a software version of claim 8. Therefore, it is rejected on the same 
rationale set forth in rejection claim 8. 
As per claim 31: 

Claim 31 is a software version of claim 9. Therefore, it is rejected on the same 
rationale set forth in rejection claim 9. 
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7. Claims 3, 14 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Dare et al. United States Letters Patent Number 5,684,950 in view of Lin et al. 
United States Letters Patent Number 6,052,785 further in view of Devine et al. United 
States Letters Patent Number 6,598,167. 
As per claim 3: 

Both references, Dare et al. and Lin et al. teach all the subject matter described 
above. Lin et al. further disclose initial authorization of the client user causes the 
security server to return credentials for multiple applications. These credentials are then 
stored in the security hash table enabling the user to access the identified application 
without further authentication. (Col. 5; lines 50-54) A user is able to access the same 
remote drive through different browsers using SHTTP protocol, (Col. 9; lines 9-11) 
which indicates that the input and output for the session is routed to the users latest 
opened browser. Neither of the references, however, teach explicitly a method 
comprising: sending a session disconnect signal to said first terminal. 

Devine et al. in analogous art, however, disclose detecting client sessions, e.g., 
the client session that has been disconnected from the server without notice because of 
a client-side crash or network problem. (Col. 21 ; lines 36-40) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Dare et al. and 
Lin et al. to include a method comprising: sending a session disconnect signal to said 
first terminal; and routing input and output for said session to said second terminal. This 
modification would have been obvious because a person having ordinary skill in the art 
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would have been motivated to do so, as suggested by Devine et al., (Col. 4; lines 8-9) in 
order to have a centralized user authentication and to assist in restricting authorized 
access by effectively preventing session from remaining open. 
As per claim 14: 

Both references, Dare et al. and Lin et al. teach all the subject matter described 
above. Lin et al. further disclose initial authorization of the client user causes the 
security server to return credentials for multiple applications. These credentials are then 
stored in the security hash table enabling the user to access the identified application 
without further authentication. (Col. 5; lines 50-54) A user is able to access the same 
remote drive through different browsers using SHTTP protocol, (Col. 9; lines 9-1 1 ) 
which indicates that the input and output for the session is routed to the users latest 
opened browser. Neither of the references, however, teach explicitly a system 
comprising: a messaging unit configured to send a session disconnect signal to said 
first terminal. 

Devine et al. in analogous art, however, disclose detecting client sessions, e.g., 
the client session that has been disconnected from the server without notice because of 
a client-side crash or network problem. (Col. 21; lines 36-40) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Dare et al. and 
Lin et al. to include a system comprising: a messaging unit configured to send a session 
disconnect signal to said first terminal; and a routing unit configured to route input and 
output for said session to said second terminal. This modification would have been 
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obvious because a person having ordinary skill in the art would have been motivated to 
do so, as suggested by Devine et al., (Col. 4; lines 8-9) in order to have a centralized 
user authentication and to assist in restricting authorized access by effectively 
preventing session from remaining open. 
As per claim 25: 

Claim 25 is a software version of claim 3. Therefore, it is rejected under the same 
rationale set forth in rejecting claim 3. 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Jensenworth et al. U.S. Patent No. 6,279,1 1 1 

This reference pertains a restricted access token created from an existing token 
and provides less access. 

b. Kells et al. U.S. Patent No. 5,764,887 

This reference pertains to system and method for supporting distributed 
computing mechanisms in a local area network server environment. 

c. Nadooshan U.S. Patent No. 6,161,182 

This reference pertains to a centralized token generating server for limiting 
access to remote equipment. 

d. Zhang et al. U.S. Patent No. 6,253,327 

This reference pertains to a method and apparatus for providing single-step 
logon access for a subscriber to a differentiated computer network having more than 
one separate access area. 
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e. Chang et al. U.S. Patent No. 6,715,082 

This reference pertains to a mechanized for establishing a plurality of sessions 
between a client and a first server based on a single input of user authenticating 
information. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on 571-272-3819. The fax phone number for 
the organization where this application or proceeding is assigned is 571-272-2100. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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